1
/*
2
 * security/tomoyo/common.h
3
 *
4
 * Header file for TOMOYO.
5
 *
6
 * Copyright (C) 2005-2010  NTT DATA CORPORATION
7
 */
8

9
#ifndef _SECURITY_TOMOYO_COMMON_H
10
#define _SECURITY_TOMOYO_COMMON_H
11

12
#include <linux/ctype.h>
13
#include <linux/string.h>
14
#include <linux/mm.h>
15
#include <linux/file.h>
16
#include <linux/kmod.h>
17
#include <linux/fs.h>
18
#include <linux/sched.h>
19
#include <linux/namei.h>
20
#include <linux/mount.h>
21
#include <linux/list.h>
22
#include <linux/cred.h>
23
#include <linux/poll.h>
24
struct linux_binprm;
25

26
/********** Constants definitions. **********/
27

28
/*
29
 * TOMOYO uses this hash only when appending a string into the string
30
 * table. Frequency of appending strings is very low. So we don't need
31
 * large (e.g. 64k) hash size. 256 will be sufficient.
32
 */
33
#define TOMOYO_HASH_BITS  8
34
#define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS)
35

36
#define TOMOYO_EXEC_TMPSIZE     4096
37

38
/* Profile number is an integer between 0 and 255. */
39
#define TOMOYO_MAX_PROFILES 256
40

41
enum tomoyo_mode_index {
42
	TOMOYO_CONFIG_DISABLED,
43
	TOMOYO_CONFIG_LEARNING,
44
	TOMOYO_CONFIG_PERMISSIVE,
45
	TOMOYO_CONFIG_ENFORCING,
46
	TOMOYO_CONFIG_USE_DEFAULT = 255
47
};
48

49
enum tomoyo_policy_id {
50
	TOMOYO_ID_GROUP,
51
	TOMOYO_ID_PATH_GROUP,
52
	TOMOYO_ID_NUMBER_GROUP,
53
	TOMOYO_ID_TRANSITION_CONTROL,
54
	TOMOYO_ID_AGGREGATOR,
55
	TOMOYO_ID_GLOBALLY_READABLE,
56
	TOMOYO_ID_PATTERN,
57
	TOMOYO_ID_NO_REWRITE,
58
	TOMOYO_ID_MANAGER,
59
	TOMOYO_ID_NAME,
60
	TOMOYO_ID_ACL,
61
	TOMOYO_ID_DOMAIN,
62
	TOMOYO_MAX_POLICY
63
};
64

65
enum tomoyo_group_id {
66
	TOMOYO_PATH_GROUP,
67
	TOMOYO_NUMBER_GROUP,
68
	TOMOYO_MAX_GROUP
69
};
70

71
/* Keywords for ACLs. */
72
#define TOMOYO_KEYWORD_AGGREGATOR                "aggregator "
73
#define TOMOYO_KEYWORD_ALLOW_MOUNT               "allow_mount "
74
#define TOMOYO_KEYWORD_ALLOW_READ                "allow_read "
75
#define TOMOYO_KEYWORD_DELETE                    "delete "
76
#define TOMOYO_KEYWORD_DENY_REWRITE              "deny_rewrite "
77
#define TOMOYO_KEYWORD_FILE_PATTERN              "file_pattern "
78
#define TOMOYO_KEYWORD_INITIALIZE_DOMAIN         "initialize_domain "
79
#define TOMOYO_KEYWORD_KEEP_DOMAIN               "keep_domain "
80
#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN      "no_initialize_domain "
81
#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN            "no_keep_domain "
82
#define TOMOYO_KEYWORD_PATH_GROUP                "path_group "
83
#define TOMOYO_KEYWORD_NUMBER_GROUP              "number_group "
84
#define TOMOYO_KEYWORD_SELECT                    "select "
85
#define TOMOYO_KEYWORD_USE_PROFILE               "use_profile "
86
#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ  "ignore_global_allow_read"
87
#define TOMOYO_KEYWORD_QUOTA_EXCEEDED            "quota_exceeded"
88
#define TOMOYO_KEYWORD_TRANSITION_FAILED         "transition_failed"
89
/* A domain definition starts with <kernel>. */
90
#define TOMOYO_ROOT_NAME                         "<kernel>"
91
#define TOMOYO_ROOT_NAME_LEN                     (sizeof(TOMOYO_ROOT_NAME) - 1)
92

93
/* Value type definition. */
94
#define TOMOYO_VALUE_TYPE_INVALID     0
95
#define TOMOYO_VALUE_TYPE_DECIMAL     1
96
#define TOMOYO_VALUE_TYPE_OCTAL       2
97
#define TOMOYO_VALUE_TYPE_HEXADECIMAL 3
98

99
enum tomoyo_transition_type {
100
	/* Do not change this order, */
101
	TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE,
102
	TOMOYO_TRANSITION_CONTROL_INITIALIZE,
103
	TOMOYO_TRANSITION_CONTROL_NO_KEEP,
104
	TOMOYO_TRANSITION_CONTROL_KEEP,
105
	TOMOYO_MAX_TRANSITION_TYPE
106
};
107

108
/* Index numbers for Access Controls. */
109
enum tomoyo_acl_entry_type_index {
110
	TOMOYO_TYPE_PATH_ACL,
111
	TOMOYO_TYPE_PATH2_ACL,
112
	TOMOYO_TYPE_PATH_NUMBER_ACL,
113
	TOMOYO_TYPE_MKDEV_ACL,
114
	TOMOYO_TYPE_MOUNT_ACL,
115
};
116

117
/* Index numbers for File Controls. */
118

119
/*
120
 * TOMOYO_TYPE_READ_WRITE is special. TOMOYO_TYPE_READ_WRITE is automatically
121
 * set if both TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE are set.
122
 * Both TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE are automatically set if
123
 * TOMOYO_TYPE_READ_WRITE is set.
124
 * TOMOYO_TYPE_READ_WRITE is automatically cleared if either TOMOYO_TYPE_READ
125
 * or TOMOYO_TYPE_WRITE is cleared.
126
 * Both TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE are automatically cleared if
127
 * TOMOYO_TYPE_READ_WRITE is cleared.
128
 */
129

130
enum tomoyo_path_acl_index {
131
	TOMOYO_TYPE_READ_WRITE,
132
	TOMOYO_TYPE_EXECUTE,
133
	TOMOYO_TYPE_READ,
134
	TOMOYO_TYPE_WRITE,
135
	TOMOYO_TYPE_UNLINK,
136
	TOMOYO_TYPE_RMDIR,
137
	TOMOYO_TYPE_TRUNCATE,
138
	TOMOYO_TYPE_SYMLINK,
139
	TOMOYO_TYPE_REWRITE,
140
	TOMOYO_TYPE_CHROOT,
141
	TOMOYO_TYPE_UMOUNT,
142
	TOMOYO_MAX_PATH_OPERATION
143
};
144

145
#define TOMOYO_RW_MASK ((1 << TOMOYO_TYPE_READ) | (1 << TOMOYO_TYPE_WRITE))
146

147
enum tomoyo_mkdev_acl_index {
148
	TOMOYO_TYPE_MKBLOCK,
149
	TOMOYO_TYPE_MKCHAR,
150
	TOMOYO_MAX_MKDEV_OPERATION
151
};
152

153
enum tomoyo_path2_acl_index {
154
	TOMOYO_TYPE_LINK,
155
	TOMOYO_TYPE_RENAME,
156
	TOMOYO_TYPE_PIVOT_ROOT,
157
	TOMOYO_MAX_PATH2_OPERATION
158
};
159

160
enum tomoyo_path_number_acl_index {
161
	TOMOYO_TYPE_CREATE,
162
	TOMOYO_TYPE_MKDIR,
163
	TOMOYO_TYPE_MKFIFO,
164
	TOMOYO_TYPE_MKSOCK,
165
	TOMOYO_TYPE_IOCTL,
166
	TOMOYO_TYPE_CHMOD,
167
	TOMOYO_TYPE_CHOWN,
168
	TOMOYO_TYPE_CHGRP,
169
	TOMOYO_MAX_PATH_NUMBER_OPERATION
170
};
171

172
enum tomoyo_securityfs_interface_index {
173
	TOMOYO_DOMAINPOLICY,
174
	TOMOYO_EXCEPTIONPOLICY,
175
	TOMOYO_DOMAIN_STATUS,
176
	TOMOYO_PROCESS_STATUS,
177
	TOMOYO_MEMINFO,
178
	TOMOYO_SELFDOMAIN,
179
	TOMOYO_VERSION,
180
	TOMOYO_PROFILE,
181
	TOMOYO_QUERY,
182
	TOMOYO_MANAGER
183
};
184

185
enum tomoyo_mac_index {
186
	TOMOYO_MAC_FILE_EXECUTE,
187
	TOMOYO_MAC_FILE_OPEN,
188
	TOMOYO_MAC_FILE_CREATE,
189
	TOMOYO_MAC_FILE_UNLINK,
190
	TOMOYO_MAC_FILE_MKDIR,
191
	TOMOYO_MAC_FILE_RMDIR,
192
	TOMOYO_MAC_FILE_MKFIFO,
193
	TOMOYO_MAC_FILE_MKSOCK,
194
	TOMOYO_MAC_FILE_TRUNCATE,
195
	TOMOYO_MAC_FILE_SYMLINK,
196
	TOMOYO_MAC_FILE_REWRITE,
197
	TOMOYO_MAC_FILE_MKBLOCK,
198
	TOMOYO_MAC_FILE_MKCHAR,
199
	TOMOYO_MAC_FILE_LINK,
200
	TOMOYO_MAC_FILE_RENAME,
201
	TOMOYO_MAC_FILE_CHMOD,
202
	TOMOYO_MAC_FILE_CHOWN,
203
	TOMOYO_MAC_FILE_CHGRP,
204
	TOMOYO_MAC_FILE_IOCTL,
205
	TOMOYO_MAC_FILE_CHROOT,
206
	TOMOYO_MAC_FILE_MOUNT,
207
	TOMOYO_MAC_FILE_UMOUNT,
208
	TOMOYO_MAC_FILE_PIVOT_ROOT,
209
	TOMOYO_MAX_MAC_INDEX
210
};
211

212
enum tomoyo_mac_category_index {
213
	TOMOYO_MAC_CATEGORY_FILE,
214
	TOMOYO_MAX_MAC_CATEGORY_INDEX
215
};
216

217
#define TOMOYO_RETRY_REQUEST 1 /* Retry this request. */
218

219
/********** Structure definitions. **********/
220

221
/*
222
 * tomoyo_acl_head is a structure which is used for holding elements not in
223
 * domain policy.
224
 * It has following fields.
225
 *
226
 *  (1) "list" which is linked to tomoyo_policy_list[] .
227
 *  (2) "is_deleted" is a bool which is true if marked as deleted, false
228
 *      otherwise.
229
 */
230
struct tomoyo_acl_head {
231
	struct list_head list;
232
	bool is_deleted;
233
} __packed;
234

235
/*
236
 * tomoyo_request_info is a structure which is used for holding
237
 *
238
 * (1) Domain information of current process.
239
 * (2) How many retries are made for this request.
240
 * (3) Profile number used for this request.
241
 * (4) Access control mode of the profile.
242
 */
243
struct tomoyo_request_info {
244
	struct tomoyo_domain_info *domain;
245
	/* For holding parameters. */
246
	union {
247
		struct {
248
			const struct tomoyo_path_info *filename;
249
			/* For using wildcards at tomoyo_find_next_domain(). */
250
			const struct tomoyo_path_info *matched_path;
251
			u8 operation;
252
		} path;
253
		struct {
254
			const struct tomoyo_path_info *filename1;
255
			const struct tomoyo_path_info *filename2;
256
			u8 operation;
257
		} path2;
258
		struct {
259
			const struct tomoyo_path_info *filename;
260
			unsigned int mode;
261
			unsigned int major;
262
			unsigned int minor;
263
			u8 operation;
264
		} mkdev;
265
		struct {
266
			const struct tomoyo_path_info *filename;
267
			unsigned long number;
268
			u8 operation;
269
		} path_number;
270
		struct {
271
			const struct tomoyo_path_info *type;
272
			const struct tomoyo_path_info *dir;
273
			const struct tomoyo_path_info *dev;
274
			unsigned long flags;
275
			int need_dev;
276
		} mount;
277
	} param;
278
	u8 param_type;
279
	bool granted;
280
	u8 retry;
281
	u8 profile;
282
	u8 mode; /* One of tomoyo_mode_index . */
283
	u8 type;
284
};
285

286
/*
287
 * tomoyo_path_info is a structure which is used for holding a string data
288
 * used by TOMOYO.
289
 * This structure has several fields for supporting pattern matching.
290
 *
291
 * (1) "name" is the '\0' terminated string data.
292
 * (2) "hash" is full_name_hash(name, strlen(name)).
293
 *     This allows tomoyo_pathcmp() to compare by hash before actually compare
294
 *     using strcmp().
295
 * (3) "const_len" is the length of the initial segment of "name" which
296
 *     consists entirely of non wildcard characters. In other words, the length
297
 *     which we can compare two strings using strncmp().
298
 * (4) "is_dir" is a bool which is true if "name" ends with "/",
299
 *     false otherwise.
300
 *     TOMOYO distinguishes directory and non-directory. A directory ends with
301
 *     "/" and non-directory does not end with "/".
302
 * (5) "is_patterned" is a bool which is true if "name" contains wildcard
303
 *     characters, false otherwise. This allows TOMOYO to use "hash" and
304
 *     strcmp() for string comparison if "is_patterned" is false.
305
 */
306
struct tomoyo_path_info {
307
	const char *name;
308
	u32 hash;          /* = full_name_hash(name, strlen(name)) */
309
	u16 const_len;     /* = tomoyo_const_part_length(name)     */
310
	bool is_dir;       /* = tomoyo_strendswith(name, "/")      */
311
	bool is_patterned; /* = tomoyo_path_contains_pattern(name) */
312
};
313

314
/*
315
 * tomoyo_name is a structure which is used for linking
316
 * "struct tomoyo_path_info" into tomoyo_name_list .
317
 */
318
struct tomoyo_name {
319
	struct list_head list;
320
	atomic_t users;
321
	struct tomoyo_path_info entry;
322
};
323

324
struct tomoyo_name_union {
325
	const struct tomoyo_path_info *filename;
326
	struct tomoyo_group *group;
327
	u8 is_group;
328
};
329

330
struct tomoyo_number_union {
331
	unsigned long values[2];
332
	struct tomoyo_group *group;
333
	u8 min_type;
334
	u8 max_type;
335
	u8 is_group;
336
};
337

338
/* Structure for "path_group"/"number_group" directive. */
339
struct tomoyo_group {
340
	struct list_head list;
341
	const struct tomoyo_path_info *group_name;
342
	struct list_head member_list;
343
	atomic_t users;
344
};
345

346
/* Structure for "path_group" directive. */
347
struct tomoyo_path_group {
348
	struct tomoyo_acl_head head;
349
	const struct tomoyo_path_info *member_name;
350
};
351

352
/* Structure for "number_group" directive. */
353
struct tomoyo_number_group {
354
	struct tomoyo_acl_head head;
355
	struct tomoyo_number_union number;
356
};
357

358
/*
359
 * tomoyo_acl_info is a structure which is used for holding
360
 *
361
 *  (1) "list" which is linked to the ->acl_info_list of
362
 *      "struct tomoyo_domain_info"
363
 *  (2) "is_deleted" is a bool which is true if this domain is marked as
364
 *      "deleted", false otherwise.
365
 *  (3) "type" which tells type of the entry.
366
 *
367
 * Packing "struct tomoyo_acl_info" allows
368
 * "struct tomoyo_path_acl" to embed "u16" and "struct tomoyo_path2_acl"
369
 * "struct tomoyo_path_number_acl" "struct tomoyo_mkdev_acl" to embed
370
 * "u8" without enlarging their structure size.
371
 */
372
struct tomoyo_acl_info {
373
	struct list_head list;
374
	bool is_deleted;
375
	u8 type; /* = one of values in "enum tomoyo_acl_entry_type_index". */
376
} __packed;
377

378
/*
379
 * tomoyo_domain_info is a structure which is used for holding permissions
380
 * (e.g. "allow_read /lib/libc-2.5.so") given to each domain.
381
 * It has following fields.
382
 *
383
 *  (1) "list" which is linked to tomoyo_domain_list .
384
 *  (2) "acl_info_list" which is linked to "struct tomoyo_acl_info".
385
 *  (3) "domainname" which holds the name of the domain.
386
 *  (4) "profile" which remembers profile number assigned to this domain.
387
 *  (5) "is_deleted" is a bool which is true if this domain is marked as
388
 *      "deleted", false otherwise.
389
 *  (6) "quota_warned" is a bool which is used for suppressing warning message
390
 *      when learning mode learned too much entries.
391
 *  (7) "ignore_global_allow_read" is a bool which is true if this domain
392
 *      should ignore "allow_read" directive in exception policy.
393
 *  (8) "transition_failed" is a bool which is set to true when this domain was
394
 *      unable to create a new domain at tomoyo_find_next_domain() because the
395
 *      name of the domain to be created was too long or it could not allocate
396
 *      memory. If set to true, more than one process continued execve()
397
 *      without domain transition.
398
 *  (9) "users" is an atomic_t that holds how many "struct cred"->security
399
 *      are referring this "struct tomoyo_domain_info". If is_deleted == true
400
 *      and users == 0, this struct will be kfree()d upon next garbage
401
 *      collection.
402
 *
403
 * A domain's lifecycle is an analogy of files on / directory.
404
 * Multiple domains with the same domainname cannot be created (as with
405
 * creating files with the same filename fails with -EEXIST).
406
 * If a process reached a domain, that process can reside in that domain after
407
 * that domain is marked as "deleted" (as with a process can access an already
408
 * open()ed file after that file was unlink()ed).
409
 */
410
struct tomoyo_domain_info {
411
	struct list_head list;
412
	struct list_head acl_info_list;
413
	/* Name of this domain. Never NULL.          */
414
	const struct tomoyo_path_info *domainname;
415
	u8 profile;        /* Profile number to use. */
416
	bool is_deleted;   /* Delete flag.           */
417
	bool quota_warned; /* Quota warnning flag.   */
418
	bool ignore_global_allow_read; /* Ignore "allow_read" flag. */
419
	bool transition_failed; /* Domain transition failed flag. */
420
	atomic_t users; /* Number of referring credentials. */
421
};
422

423
/*
424
 * tomoyo_path_acl is a structure which is used for holding an
425
 * entry with one pathname operation (e.g. open(), mkdir()).
426
 * It has following fields.
427
 *
428
 *  (1) "head" which is a "struct tomoyo_acl_info".
429
 *  (2) "perm" which is a bitmask of permitted operations.
430
 *  (3) "name" is the pathname.
431
 *
432
 * Directives held by this structure are "allow_read/write", "allow_execute",
433
 * "allow_read", "allow_write", "allow_unlink", "allow_rmdir",
434
 * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_chroot" and
435
 * "allow_unmount".
436
 */
437
struct tomoyo_path_acl {
438
	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */
439
	u16 perm;
440
	struct tomoyo_name_union name;
441
};
442

443
/*
444
 * tomoyo_path_number_acl is a structure which is used for holding an
445
 * entry with one pathname and one number operation.
446
 * It has following fields.
447
 *
448
 *  (1) "head" which is a "struct tomoyo_acl_info".
449
 *  (2) "perm" which is a bitmask of permitted operations.
450
 *  (3) "name" is the pathname.
451
 *  (4) "number" is the numeric value.
452
 *
453
 * Directives held by this structure are "allow_create", "allow_mkdir",
454
 * "allow_ioctl", "allow_mkfifo", "allow_mksock", "allow_chmod", "allow_chown"
455
 * and "allow_chgrp".
456
 *
457
 */
458
struct tomoyo_path_number_acl {
459
	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER_ACL */
460
	u8 perm;
461
	struct tomoyo_name_union name;
462
	struct tomoyo_number_union number;
463
};
464

465
/*
466
 * tomoyo_mkdev_acl is a structure which is used for holding an
467
 * entry with one pathname and three numbers operation.
468
 * It has following fields.
469
 *
470
 *  (1) "head" which is a "struct tomoyo_acl_info".
471
 *  (2) "perm" which is a bitmask of permitted operations.
472
 *  (3) "mode" is the create mode.
473
 *  (4) "major" is the major number of device node.
474
 *  (5) "minor" is the minor number of device node.
475
 *
476
 * Directives held by this structure are "allow_mkchar", "allow_mkblock".
477
 *
478
 */
479
struct tomoyo_mkdev_acl {
480
	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MKDEV_ACL */
481
	u8 perm;
482
	struct tomoyo_name_union name;
483
	struct tomoyo_number_union mode;
484
	struct tomoyo_number_union major;
485
	struct tomoyo_number_union minor;
486
};
487

488
/*
489
 * tomoyo_path2_acl is a structure which is used for holding an
490
 * entry with two pathnames operation (i.e. link(), rename() and pivot_root()).
491
 * It has following fields.
492
 *
493
 *  (1) "head" which is a "struct tomoyo_acl_info".
494
 *  (2) "perm" which is a bitmask of permitted operations.
495
 *  (3) "name1" is the source/old pathname.
496
 *  (4) "name2" is the destination/new pathname.
497
 *
498
 * Directives held by this structure are "allow_rename", "allow_link" and
499
 * "allow_pivot_root".
500
 */
501
struct tomoyo_path2_acl {
502
	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */
503
	u8 perm;
504
	struct tomoyo_name_union name1;
505
	struct tomoyo_name_union name2;
506
};
507

508
/*
509
 * tomoyo_mount_acl is a structure which is used for holding an
510
 * entry for mount operation.
511
 * It has following fields.
512
 *
513
 *  (1) "head" which is a "struct tomoyo_acl_info".
514
 *  (2) "dev_name" is the device name.
515
 *  (3) "dir_name" is the mount point.
516
 *  (4) "fs_type" is the filesystem type.
517
 *  (5) "flags" is the mount flags.
518
 *
519
 * Directive held by this structure is "allow_mount".
520
 */
521
struct tomoyo_mount_acl {
522
	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MOUNT_ACL */
523
	struct tomoyo_name_union dev_name;
524
	struct tomoyo_name_union dir_name;
525
	struct tomoyo_name_union fs_type;
526
	struct tomoyo_number_union flags;
527
};
528

529
#define TOMOYO_MAX_IO_READ_QUEUE 32
530

531
/*
532
 * Structure for reading/writing policy via /sys/kernel/security/tomoyo
533
 * interfaces.
534
 */
535
struct tomoyo_io_buffer {
536
	void (*read) (struct tomoyo_io_buffer *);
537
	int (*write) (struct tomoyo_io_buffer *);
538
	int (*poll) (struct file *file, poll_table *wait);
539
	/* Exclusive lock for this structure.   */
540
	struct mutex io_sem;
541
	/* Index returned by tomoyo_read_lock(). */
542
	int reader_idx;
543
	char __user *read_user_buf;
544
	int read_user_buf_avail;
545
	struct {
546
		struct list_head *domain;
547
		struct list_head *group;
548
		struct list_head *acl;
549
		int avail;
550
		int step;
551
		int query_index;
552
		u16 index;
553
		u8 bit;
554
		u8 w_pos;
555
		bool eof;
556
		bool print_this_domain_only;
557
		bool print_execute_only;
558
		const char *w[TOMOYO_MAX_IO_READ_QUEUE];
559
	} r;
560
	/* The position currently writing to.   */
561
	struct tomoyo_domain_info *write_var1;
562
	/* Buffer for reading.                  */
563
	char *read_buf;
564
	/* Size of read buffer.                 */
565
	int readbuf_size;
566
	/* Buffer for writing.                  */
567
	char *write_buf;
568
	/* Bytes available for writing.         */
569
	int write_avail;
570
	/* Size of write buffer.                */
571
	int writebuf_size;
572
	/* Type of this interface.              */
573
	u8 type;
574
};
575

576
/*
577
 * tomoyo_readable_file is a structure which is used for holding
578
 * "allow_read" entries.
579
 * It has following fields.
580
 *
581
 *  (1) "head" is "struct tomoyo_acl_head".
582
 *  (2) "filename" is a pathname which is allowed to open(O_RDONLY).
583
 */
584
struct tomoyo_readable_file {
585
	struct tomoyo_acl_head head;
586
	const struct tomoyo_path_info *filename;
587
};
588

589
/*
590
 * tomoyo_no_pattern is a structure which is used for holding
591
 * "file_pattern" entries.
592
 * It has following fields.
593
 *
594
 *  (1) "head" is "struct tomoyo_acl_head".
595
 *  (2) "pattern" is a pathname pattern which is used for converting pathnames
596
 *      to pathname patterns during learning mode.
597
 */
598
struct tomoyo_no_pattern {
599
	struct tomoyo_acl_head head;
600
	const struct tomoyo_path_info *pattern;
601
};
602

603
/*
604
 * tomoyo_no_rewrite is a structure which is used for holding
605
 * "deny_rewrite" entries.
606
 * It has following fields.
607
 *
608
 *  (1) "head" is "struct tomoyo_acl_head".
609
 *  (2) "pattern" is a pathname which is by default not permitted to modify
610
 *      already existing content.
611
 */
612
struct tomoyo_no_rewrite {
613
	struct tomoyo_acl_head head;
614
	const struct tomoyo_path_info *pattern;
615
};
616

617
/*
618
 * tomoyo_transition_control is a structure which is used for holding
619
 * "initialize_domain"/"no_initialize_domain"/"keep_domain"/"no_keep_domain"
620
 * entries.
621
 * It has following fields.
622
 *
623
 *  (1) "head" is "struct tomoyo_acl_head".
624
 *  (2) "type" is type of this entry.
625
 *  (3) "is_last_name" is a bool which is true if "domainname" is "the last
626
 *      component of a domainname", false otherwise.
627
 *  (4) "domainname" which is "a domainname" or "the last component of a
628
 *      domainname".
629
 *  (5) "program" which is a program's pathname.
630
 */
631
struct tomoyo_transition_control {
632
	struct tomoyo_acl_head head;
633
	u8 type; /* One of values in "enum tomoyo_transition_type".  */
634
	/* True if the domainname is tomoyo_get_last_name(). */
635
	bool is_last_name;
636
	const struct tomoyo_path_info *domainname; /* Maybe NULL */
637
	const struct tomoyo_path_info *program;    /* Maybe NULL */
638
};
639

640
/*
641
 * tomoyo_aggregator is a structure which is used for holding
642
 * "aggregator" entries.
643
 * It has following fields.
644
 *
645
 *  (1) "head" is "struct tomoyo_acl_head".
646
 *  (2) "original_name" which is originally requested name.
647
 *  (3) "aggregated_name" which is name to rewrite.
648
 */
649
struct tomoyo_aggregator {
650
	struct tomoyo_acl_head head;
651
	const struct tomoyo_path_info *original_name;
652
	const struct tomoyo_path_info *aggregated_name;
653
};
654

655
/*
656
 * tomoyo_manager is a structure which is used for holding list of
657
 * domainnames or programs which are permitted to modify configuration via
658
 * /sys/kernel/security/tomoyo/ interface.
659
 * It has following fields.
660
 *
661
 *  (1) "head" is "struct tomoyo_acl_head".
662
 *  (2) "is_domain" is a bool which is true if "manager" is a domainname, false
663
 *      otherwise.
664
 *  (3) "manager" is a domainname or a program's pathname.
665
 */
666
struct tomoyo_manager {
667
	struct tomoyo_acl_head head;
668
	bool is_domain;  /* True if manager is a domainname. */
669
	/* A path to program or a domainname. */
670
	const struct tomoyo_path_info *manager;
671
};
672

673
struct tomoyo_preference {
674
	unsigned int learning_max_entry;
675
	bool enforcing_verbose;
676
	bool learning_verbose;
677
	bool permissive_verbose;
678
};
679

680
struct tomoyo_profile {
681
	const struct tomoyo_path_info *comment;
682
	struct tomoyo_preference *learning;
683
	struct tomoyo_preference *permissive;
684
	struct tomoyo_preference *enforcing;
685
	struct tomoyo_preference preference;
686
	u8 default_config;
687
	u8 config[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX];
688
};
689

690
/********** Function prototypes. **********/
691

692
/* Check whether the given string starts with the given keyword. */
693
bool tomoyo_str_starts(char **src, const char *find);
694
/* Get tomoyo_realpath() of current process. */
695
const char *tomoyo_get_exe(void);
696
/* Format string. */
697
void tomoyo_normalize_line(unsigned char *buffer);
698
/* Print warning or error message on console. */
699
void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...)
700
     __attribute__ ((format(printf, 2, 3)));
701
/* Check all profiles currently assigned to domains are defined. */
702
void tomoyo_check_profile(void);
703
/* Open operation for /sys/kernel/security/tomoyo/ interface. */
704
int tomoyo_open_control(const u8 type, struct file *file);
705
/* Close /sys/kernel/security/tomoyo/ interface. */
706
int tomoyo_close_control(struct file *file);
707
/* Poll operation for /sys/kernel/security/tomoyo/ interface. */
708
int tomoyo_poll_control(struct file *file, poll_table *wait);
709
/* Read operation for /sys/kernel/security/tomoyo/ interface. */
710
int tomoyo_read_control(struct file *file, char __user *buffer,
711
			const int buffer_len);
712
/* Write operation for /sys/kernel/security/tomoyo/ interface. */
713
int tomoyo_write_control(struct file *file, const char __user *buffer,
714
			 const int buffer_len);
715
/* Check whether the domain has too many ACL entries to hold. */
716
bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
717
/* Print out of memory warning message. */
718
void tomoyo_warn_oom(const char *function);
719
/* Check whether the given name matches the given name_union. */
720
const struct tomoyo_path_info *
721
tomoyo_compare_name_union(const struct tomoyo_path_info *name,
722
			  const struct tomoyo_name_union *ptr);
723
/* Check whether the given number matches the given number_union. */
724
bool tomoyo_compare_number_union(const unsigned long value,
725
				 const struct tomoyo_number_union *ptr);
726
int tomoyo_get_mode(const u8 profile, const u8 index);
727
void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
728
	__attribute__ ((format(printf, 2, 3)));
729
/* Check whether the domainname is correct. */
730
bool tomoyo_correct_domain(const unsigned char *domainname);
731
/* Check whether the token is correct. */
732
bool tomoyo_correct_path(const char *filename);
733
bool tomoyo_correct_word(const char *string);
734
/* Check whether the token can be a domainname. */
735
bool tomoyo_domain_def(const unsigned char *buffer);
736
bool tomoyo_parse_name_union(const char *filename,
737
			     struct tomoyo_name_union *ptr);
738
/* Check whether the given filename matches the given path_group. */
739
const struct tomoyo_path_info *
740
tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
741
			  const struct tomoyo_group *group);
742
/* Check whether the given value matches the given number_group. */
743
bool tomoyo_number_matches_group(const unsigned long min,
744
				 const unsigned long max,
745
				 const struct tomoyo_group *group);
746
/* Check whether the given filename matches the given pattern. */
747
bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
748
				 const struct tomoyo_path_info *pattern);
749

750
bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num);
751
/* Tokenize a line. */
752
bool tomoyo_tokenize(char *buffer, char *w[], size_t size);
753
/* Write domain policy violation warning message to console? */
754
bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);
755
/* Fill "struct tomoyo_request_info". */
756
int tomoyo_init_request_info(struct tomoyo_request_info *r,
757
			     struct tomoyo_domain_info *domain,
758
			     const u8 index);
759
/* Check permission for mount operation. */
760
int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
761
			    unsigned long flags, void *data_page);
762
/* Create "aggregator" entry in exception policy. */
763
int tomoyo_write_aggregator(char *data, const bool is_delete);
764
int tomoyo_write_transition_control(char *data, const bool is_delete,
765
				    const u8 type);
766
/*
767
 * Create "allow_read/write", "allow_execute", "allow_read", "allow_write",
768
 * "allow_create", "allow_unlink", "allow_mkdir", "allow_rmdir",
769
 * "allow_mkfifo", "allow_mksock", "allow_mkblock", "allow_mkchar",
770
 * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_rename" and
771
 * "allow_link" entry in domain policy.
772
 */
773
int tomoyo_write_file(char *data, struct tomoyo_domain_info *domain,
774
		      const bool is_delete);
775
/* Create "allow_read" entry in exception policy. */
776
int tomoyo_write_globally_readable(char *data, const bool is_delete);
777
/* Create "allow_mount" entry in domain policy. */
778
int tomoyo_write_mount(char *data, struct tomoyo_domain_info *domain,
779
		       const bool is_delete);
780
/* Create "deny_rewrite" entry in exception policy. */
781
int tomoyo_write_no_rewrite(char *data, const bool is_delete);
782
/* Create "file_pattern" entry in exception policy. */
783
int tomoyo_write_pattern(char *data, const bool is_delete);
784
/* Create "path_group"/"number_group" entry in exception policy. */
785
int tomoyo_write_group(char *data, const bool is_delete, const u8 type);
786
int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
787
     __attribute__ ((format(printf, 2, 3)));
788
/* Find a domain by the given name. */
789
struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
790
/* Find or create a domain by the given name. */
791
struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
792
						const u8 profile);
793
struct tomoyo_profile *tomoyo_profile(const u8 profile);
794
/*
795
 * Allocate memory for "struct tomoyo_path_group"/"struct tomoyo_number_group".
796
 */
797
struct tomoyo_group *tomoyo_get_group(const char *group_name, const u8 type);
798

799
/* Check mode for specified functionality. */
800
unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
801
				const u8 index);
802
/* Fill in "struct tomoyo_path_info" members. */
803
void tomoyo_fill_path_info(struct tomoyo_path_info *ptr);
804
/* Run policy loader when /sbin/init starts. */
805
void tomoyo_load_policy(const char *filename);
806

807
void tomoyo_put_number_union(struct tomoyo_number_union *ptr);
808

809
/* Convert binary string to ascii string. */
810
char *tomoyo_encode(const char *str);
811

812
/*
813
 * Returns realpath(3) of the given pathname except that
814
 * ignores chroot'ed root and does not follow the final symlink.
815
 */
816
char *tomoyo_realpath_nofollow(const char *pathname);
817
/*
818
 * Returns realpath(3) of the given pathname except that
819
 * ignores chroot'ed root and the pathname is already solved.
820
 */
821
char *tomoyo_realpath_from_path(struct path *path);
822
/* Get patterned pathname. */
823
const char *tomoyo_pattern(const struct tomoyo_path_info *filename);
824

825
/* Check memory quota. */
826
bool tomoyo_memory_ok(void *ptr);
827
void *tomoyo_commit_ok(void *data, const unsigned int size);
828

829
/*
830
 * Keep the given name on the RAM.
831
 * The RAM is shared, so NEVER try to modify or kfree() the returned name.
832
 */
833
const struct tomoyo_path_info *tomoyo_get_name(const char *name);
834

835
/* Check for memory usage. */
836
void tomoyo_read_memory_counter(struct tomoyo_io_buffer *head);
837

838
/* Set memory quota. */
839
int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);
840

841
/* Initialize mm related code. */
842
void __init tomoyo_mm_init(void);
843
int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
844
			   const struct tomoyo_path_info *filename);
845
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
846
				 struct path *path, const int flag);
847
int tomoyo_path_number_perm(const u8 operation, struct path *path,
848
			    unsigned long number);
849
int tomoyo_mkdev_perm(const u8 operation, struct path *path,
850
		      const unsigned int mode, unsigned int dev);
851
int tomoyo_path_perm(const u8 operation, struct path *path);
852
int tomoyo_path2_perm(const u8 operation, struct path *path1,
853
		      struct path *path2);
854
int tomoyo_find_next_domain(struct linux_binprm *bprm);
855

856
void tomoyo_print_ulong(char *buffer, const int buffer_len,
857
			const unsigned long value, const u8 type);
858

859
/* Drop refcount on tomoyo_name_union. */
860
void tomoyo_put_name_union(struct tomoyo_name_union *ptr);
861

862
/* Run garbage collector. */
863
void tomoyo_run_gc(void);
864

865
void tomoyo_memory_free(void *ptr);
866

867
int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
868
			 bool is_delete, struct tomoyo_domain_info *domain,
869
			 bool (*check_duplicate) (const struct tomoyo_acl_info
870
						  *,
871
						  const struct tomoyo_acl_info
872
						  *),
873
			 bool (*merge_duplicate) (struct tomoyo_acl_info *,
874
						  struct tomoyo_acl_info *,
875
						  const bool));
876
int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
877
			 bool is_delete, struct list_head *list,
878
			 bool (*check_duplicate) (const struct tomoyo_acl_head
879
						  *,
880
						  const struct tomoyo_acl_head
881
						  *));
882
void tomoyo_check_acl(struct tomoyo_request_info *r,
883
		      bool (*check_entry) (struct tomoyo_request_info *,
884
					   const struct tomoyo_acl_info *));
885

886
/********** External variable definitions. **********/
887

888
/* Lock for GC. */
889
extern struct srcu_struct tomoyo_ss;
890

891
/* The list for "struct tomoyo_domain_info". */
892
extern struct list_head tomoyo_domain_list;
893

894
extern struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
895
extern struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
896
extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
897

898
/* Lock for protecting policy. */
899
extern struct mutex tomoyo_policy_lock;
900

901
/* Has /sbin/init started? */
902
extern bool tomoyo_policy_loaded;
903

904
/* The kernel's domain. */
905
extern struct tomoyo_domain_info tomoyo_kernel_domain;
906

907
extern const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION];
908
extern const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION];
909
extern const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION];
910
extern const char *tomoyo_path_number_keyword[TOMOYO_MAX_PATH_NUMBER_OPERATION];
911

912
extern unsigned int tomoyo_quota_for_query;
913
extern unsigned int tomoyo_query_memory_size;
914

915
/********** Inlined functions. **********/
916

917
static inline int tomoyo_read_lock(void)
918
{
919
	return srcu_read_lock(&tomoyo_ss);
920
}
921

922
static inline void tomoyo_read_unlock(int idx)
923
{
924
	srcu_read_unlock(&tomoyo_ss, idx);
925
}
926

927
/* strcmp() for "struct tomoyo_path_info" structure. */
928
static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a,
929
				  const struct tomoyo_path_info *b)
930
{
931
	return a->hash != b->hash || strcmp(a->name, b->name);
932
}
933

934
/**
935
 * tomoyo_valid - Check whether the character is a valid char.
936
 *
937
 * @c: The character to check.
938
 *
939
 * Returns true if @c is a valid character, false otherwise.
940
 */
941
static inline bool tomoyo_valid(const unsigned char c)
942
{
943
	return c > ' ' && c < 127;
944
}
945

946
/**
947
 * tomoyo_invalid - Check whether the character is an invalid char.
948
 *
949
 * @c: The character to check.
950
 *
951
 * Returns true if @c is an invalid character, false otherwise.
952
 */
953
static inline bool tomoyo_invalid(const unsigned char c)
954
{
955
	return c && (c <= ' ' || c >= 127);
956
}
957

958
static inline void tomoyo_put_name(const struct tomoyo_path_info *name)
959
{
960
	if (name) {
961
		struct tomoyo_name *ptr =
962
			container_of(name, typeof(*ptr), entry);
963
		atomic_dec(&ptr->users);
964
	}
965
}
966

967
static inline void tomoyo_put_group(struct tomoyo_group *group)
968
{
969
	if (group)
970
		atomic_dec(&group->users);
971
}
972

973
static inline struct tomoyo_domain_info *tomoyo_domain(void)
974
{
975
	return current_cred()->security;
976
}
977

978
static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
979
							    *task)
980
{
981
	return task_cred_xxx(task, security);
982
}
983

984
static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *p1,
985
					   const struct tomoyo_acl_info *p2)
986
{
987
	return p1->type == p2->type;
988
}
989

990
static inline bool tomoyo_same_name_union
991
(const struct tomoyo_name_union *p1, const struct tomoyo_name_union *p2)
992
{
993
	return p1->filename == p2->filename && p1->group == p2->group &&
994
		p1->is_group == p2->is_group;
995
}
996

997
static inline bool tomoyo_same_number_union
998
(const struct tomoyo_number_union *p1, const struct tomoyo_number_union *p2)
999
{
1000
	return p1->values[0] == p2->values[0] && p1->values[1] == p2->values[1]
1001
		&& p1->group == p2->group && p1->min_type == p2->min_type &&
1002
		p1->max_type == p2->max_type && p1->is_group == p2->is_group;
1003
}
1004

1005
/**
1006
 * list_for_each_cookie - iterate over a list with cookie.
1007
 * @pos:        the &struct list_head to use as a loop cursor.
1008
 * @head:       the head for your list.
1009
 */
1010
#define list_for_each_cookie(pos, head)					\
1011
	if (!pos)							\
1012
		pos =  srcu_dereference((head)->next, &tomoyo_ss);	\
1013
	for ( ; pos != (head); pos = srcu_dereference(pos->next, &tomoyo_ss))
1014

1015
#endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */
1016

1017